CVE-2012-0731 : IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent serv

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors.

Published 2012-05-03 04:08:25

Updated 2025-04-11 00:51:22

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2012-0731

IBM » Rational Appscan » Version: 5.5.0.2 Enterprise Edition
cpe:2.3:a:ibm:rational_appscan:5.5.0.2:*:enterprise:*:*:*:*:*
Matching versions
IBM » Rational Appscan » Version: 5.4 Enterprise Edition
cpe:2.3:a:ibm:rational_appscan:5.4:*:enterprise:*:*:*:*:*
Matching versions
IBM » Rational Appscan » Version: 5.5.0.1 Enterprise Edition
cpe:2.3:a:ibm:rational_appscan:5.5.0.1:*:enterprise:*:*:*:*:*
Matching versions
IBM » Rational Appscan » Version: 5.6.0 Enterprise Edition
cpe:2.3:a:ibm:rational_appscan:5.6.0:*:enterprise:*:*:*:*:*
Matching versions
IBM » Rational Appscan » Version: 8.0.0.2 Enterprise Edition
cpe:2.3:a:ibm:rational_appscan:8.0.0.2:*:enterprise:*:*:*:*:*
Matching versions
IBM » Rational Appscan » Version: 8.0.1 Enterprise Edition
cpe:2.3:a:ibm:rational_appscan:8.0.1:*:enterprise:*:*:*:*:*
Matching versions
IBM » Rational Appscan » Version: 5.6.0.3 Enterprise Edition
cpe:2.3:a:ibm:rational_appscan:5.6.0.3:*:enterprise:*:*:*:*:*
Matching versions
IBM » Rational Appscan » Version: 8.0.0 Enterprise Edition
cpe:2.3:a:ibm:rational_appscan:8.0.0:*:enterprise:*:*:*:*:*
Matching versions
IBM » Rational Appscan » Version: 5.5.0 Enterprise Edition
cpe:2.3:a:ibm:rational_appscan:5.5.0:*:enterprise:*:*:*:*:*
Matching versions
IBM » Rational Appscan » Version: 5.2 Enterprise Edition
cpe:2.3:a:ibm:rational_appscan:5.2:*:enterprise:*:*:*:*:*
Matching versions
IBM » Rational Appscan » Version: 8.0.0.1 Enterprise Edition
cpe:2.3:a:ibm:rational_appscan:8.0.0.1:*:enterprise:*:*:*:*:*
Matching versions
IBM » Rational Appscan » Version: 8.0.0.3 Enterprise Edition
cpe:2.3:a:ibm:rational_appscan:8.0.0.3:*:enterprise:*:*:*:*:*
Matching versions
IBM » Rational Appscan » Version: 8.0.1.1 Enterprise Edition
cpe:2.3:a:ibm:rational_appscan:8.0.1.1:*:enterprise:*:*:*:*:*
Matching versions
IBM » Rational Appscan » Version: 8.5.0 Enterprise Edition
cpe:2.3:a:ibm:rational_appscan:8.5.0:*:enterprise:*:*:*:*:*
Matching versions
IBM » Rational Appscan » Version: 8.5.0.0 Enterprise Edition
cpe:2.3:a:ibm:rational_appscan:8.5.0.0:*:enterprise:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-0731

EPSS FAQ

0.28%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 48 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-0731

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:L/Au:S/C:C/I:N/A:N	8.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: None Availability Impact: None

CWE ids for CVE-2012-0731

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-0731

http://secunia.com/advisories/48968

Sign in

CVEs referencing this url
http://www.securityfocus.com/bid/53247

IBM Rational Products Multiple Security Vulnerabilities

CVEs referencing this url
http://secunia.com/advisories/48967

Sign in

CVEs referencing this url
http://www.ibm.com/support/docview.wss?uid=swg21592188

IBM notice: The page you requested cannot be displayed

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/74371

AppScan Enterprise configuration information disclosure CVE-2012-0731 Vulnerability Report

Jump to

Vulnerability Details : CVE-2012-0731

Products affected by CVE-2012-0731

Exploit prediction scoring system (EPSS) score for CVE-2012-0731

CVSS scores for CVE-2012-0731

CWE ids for CVE-2012-0731

References for CVE-2012-0731